Fix alert resource names for ELB and CI source attribution

[Alexanderamiri]

Summary

• ELB resource names: Extract target group name, rule ARN, listener ARN from nested CloudTrail response structures. Fixes "unknown" resource name for CreateTargetGroup and CreateRule alerts.
• CI source links: Extract GitHub run ID from session name convention (javabin-*-{run_id}), infer repo from role name (ci-infra → javaBin/platform, ci-app-X → javaBin/X). Alerts now show clickable repo + run links even when OIDC session tags aren't in CloudTrail.

Test plan

• Next ELB change should show target group name instead of "unknown"
• CI-triggered alerts should show repo link + Actions run link

[github-actions]

Terraform Plan

🚧 Changes detected — Plan: 0 to add, 2 to change, 0 to destroy.

Plan output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.lambdas.aws_lambda_function.securityhub_summary will be updated in-place
  ~ resource "aws_lambda_function" "securityhub_summary" {
        id                             = "javabin-securityhub-summary"
      ~ last_modified                  = "2026-03-16T19:34:32.000+0000" -> (known after apply)
      ~ source_code_hash               = "RTfy+TJq/1kcGZP7T5Sj9Ri9YYvO4gxnO4iK4neALxo=" -> "pU/wjCWqsyj/zHkvhqB/VrSJlkVtVQCaiMmrm0J2U3A="
        tags                           = {}
        # (21 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.lambdas.aws_lambda_function.slack_alert will be updated in-place
  ~ resource "aws_lambda_function" "slack_alert" {
        id                             = "javabin-slack-alert"
      ~ last_modified                  = "2026-03-16T19:34:44.000+0000" -> (known after apply)
      ~ source_code_hash               = "RTfy+TJq/1kcGZP7T5Sj9Ri9YYvO4gxnO4iK4neALxo=" -> "pU/wjCWqsyj/zHkvhqB/VrSJlkVtVQCaiMmrm0J2U3A="
        tags                           = {}
        # (21 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

---

LLM Review

Risk: 🟢 LOW

Routine Lambda function code updates for securityhub_summary and slack_alert with source code hash changes.

• ✅ [routine] Lambda function source_code_hash updates indicate code changes in securityhub_summary and slack_alert functions. These are in-place updates with no infrastructure changes.
• ✅ [routine] No resources are being created, destroyed, or replaced. Only 2 Lambda functions are being updated with new code versions.
• ✅ [routine] No IAM permissions, security groups, or access controls are being modified. Existing permissions remain unchanged.
• ✅ [routine] No cost implications - existing Lambda functions are being updated in-place without scaling changes or new billable resources.
• ✅ [routine] No data loss risk - this is a code update to monitoring/alerting functions with no database or state changes.